- Cara Delevingne calls out Justin Bieber for ‘ranking’ wife Hailey’s friends Friday 9:07 PM
- Fans defend Jenna Marbles after some people claimed she mistreated her dogs in a recent video Friday 8:37 PM
- ‘Friends’ gets reunion special on HBO Max, fans go wild Friday 7:37 PM
- Why you should drop everything and start reading ‘Lore Olympus’ Friday 6:27 PM
- ‘Boogaloo’ memes are trying to organize a second civil war—and they’re spreading fast Friday 3:48 PM
- People are disturbed by these McDonald’s-scented candles Friday 3:47 PM
- Season 2 of ‘The Witcher’ is in production Friday 3:16 PM
- Here are some cringey billboards Bloomberg ran in Arizona Friday 2:51 PM
- PewDiePie returns to YouTube after 37-day hiatus Friday 2:01 PM
- Why was a Republican Party Facebook page co-managed by someone in Turkmenistan? Friday 1:26 PM
- The shorthand guide to ‘Star Wars: The Clone Wars’ Friday 1:07 PM
- Congress urges Tinder to screen for sex offenders Friday 1:03 PM
- Video shows 9-year-old threatening suicide after being bullied Friday 12:01 PM
- Ex-Goldman Sachs CEO says he might vote Trump because Sanders is too mean to him Friday 11:40 AM
- Twitch streamer says she was banned for body painting Friday 11:39 AM
Over 50 million people count on the Google-owned Waze app to direct them to their destination. If you’re one of them, you should know a recent report claims that hackers can also trace your tracks and see exactly where drivers are in real time.
A report from Fusion highlighted a vulnerability found by researchers at the University of California-Santa Barbara that allowed hackers to monitor nearby drivers. The exploit allowed a third party to sit between Waze servers and the mobile device it is communicating with to intercept the information that is being transferred.
Through this method, the researchers found they were able to direct commands to the Waze servers that would create an artificial traffic jam by populating the map with non-existent cars or monitor the location of specific drivers.
The revelation is of particular concern for drivers counting on Waze, the Google-owned crowdsourced map service, to get them from point A to point B. It places users at risk to fall victim to invasive outsiders who can watch their every move without ever being detected.
At one point, the exploit was considerably worse; it enabled hackers to track any Waze user who had the app running in background on their phone. Since an update in January, which Waze users should be sure to download, the vulnerability has been diminished to only work when the app is on in the foreground—but for many that means any time they are on the move, they can be tracked.
Aside from ensuring their app is up-to-date—the best and most effective way to avoid exploits that have been stomped out—users have little in terms of permanent reprieve from the problem at the moment.
The only option to avoid the exploit is to activate invisible mode while using the app. Doing so will make the user unseeable to friends, and will prevent the ability to send reports, add or edit places, and send messages to friends and other Waze users—but it also prevents hackers from tracking activity and movement.
To go invisible on Waze, go to the app menu and tap your name for My Waze. A “Go Invisible” option should appear in the menu, which you can toggle on. Note that this only works for a single session at a time; you’ll have to reset invisibility every time that you restart the app.
Google did not respond to request for comment on the exploit or potential safety precautions for users.
In response to the recent privacy concerns, Waze Spokesperson Julie Mossler provided the Daily Dot with the following statement:
The Waze ecosystem is built upon trust and deep respect for our users. Real-time traffic simply doesn’t work without the participation of our community, and we are constantly reviewing and adding safeguards to protect them. It’s imperative to note that our system has been, and continues to be, safe for everyday users; neither the reporter or other users’ accounts were compromised and it is not possible for a stranger to search for, find or track your Wazer on the map in real time. With the consent of the reporter to use her Waze username and location details, the researchers were able to deduce sections of her route, after the fact. None of these activities have occurred in real-time and in real-world environments, without knowing participants.
Within the last 24 hours new security implementations have been added in several areas, including preventing the hypothetical threat of ghost riders from affecting system behavior and performing similar tracking. We thank the researchers for their findings.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.